java.lang.Object
org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore

public class NativeUsersStore extends Object
NativeUsersStore is a store for users that reads from an Elasticsearch index. This store is responsible for fetching the full User object, which includes the names of the roles assigned to the user.

This class does no caching; caching is handled at a higher level. It also does no polling for changes. Modification operations make a best-effort attempt to clear the cache on all nodes for the user that was modified.

  • Method Details

    • getUser

      public void getUser(String username, ActionListener<User> listener)
      Blocking version of getUser that blocks until the User is returned
    • getUsers

      public void getUsers(String[] userNames, ActionListener<Collection<User>> listener)
      Retrieves a list of users. If userNames is null or empty, all users are fetched.
    • queryUsers

      public void queryUsers(SearchRequest searchRequest, ActionListener<NativeUsersStore.QueryUserResults> listener)
    • changePassword

      public void changePassword(ChangePasswordRequest request, ActionListener<Void> listener)
      Async method to change the password of a native or reserved user. If a reserved user does not exist, the document will be created with a hash of the provided password.
    • createElasticUser

      public void createElasticUser(char[] passwordHash, ActionListener<Void> listener)
      Asynchronous method to create the elastic superuser with the given password hash. The cache for the user will be cleared after the document has been indexed.
    • putUser

      public void putUser(PutUserRequest request, ActionListener<Boolean> listener)
      Asynchronous method to put a user. A put user request without a password hash is treated as an update and will fail with a ValidationException if the user does not exist. If a password hash is provided, an update request is issued together with an upsert document. The upsert document sets the enabled flag of the user to true, but if the document already exists, this method will not modify the enabled value.
    • setEnabled

      public void setEnabled(String username, boolean enabled, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<Void> listener)
      Asynchronous method that will update the enabled flag of a user. If the user is reserved and the document does not exist, a document will be created. If the user is not reserved, the user must exist; otherwise the operation will fail.
    • deleteUser

      public void deleteUser(DeleteUserRequest deleteUserRequest, ActionListener<Boolean> listener)
    • getIdForUser

      public static String getIdForUser(String docType, String userName)
      Gets the document id for the given user and user type (reserved user or regular user).
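
The putUser rules above have a consequence worth checking in account-lifecycle code: putting a disabled user again with a new password hash does not re-enable the account. The following is an added in-memory model of those rules, not Elasticsearch code; PutUserModel, UserDoc, the roles field and the IllegalArgumentException stand-in for ValidationException are all assumptions made for the illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: an in-memory model of the putUser rules described above.
// Hypothetical names throughout; this does not call any Elasticsearch API.
public class PutUserModel {
    static final class UserDoc {
        char[] passwordHash;
        String[] roles;   // assumed example of a field that a put request carries
        boolean enabled;
    }

    final Map<String, UserDoc> index = new HashMap<>();

    void putUser(String username, char[] passwordHash, String[] roles) {
        UserDoc existing = index.get(username);
        if (passwordHash == null) {
            // No hash: treated as an update, which fails for an unknown user.
            if (existing == null) {
                // Stand-in for the ValidationException named in the documentation.
                throw new IllegalArgumentException("user [" + username + "] does not exist");
            }
            existing.roles = roles;
            return;
        }
        if (existing == null) {
            // Upsert path: the new document is created with enabled = true.
            UserDoc doc = new UserDoc();
            doc.passwordHash = passwordHash;
            doc.roles = roles;
            doc.enabled = true;
            index.put(username, doc);
            return;
        }
        // Document already exists: update it, leaving the enabled flag untouched.
        existing.passwordHash = passwordHash;
        existing.roles = roles;
    }

    public static void main(String[] args) {
        PutUserModel store = new PutUserModel();
        store.putUser("alice", "constructed-hash-1".toCharArray(), new String[] {"viewer"});
        store.index.get("alice").enabled = false; // models a setEnabled(..., false) call
        store.putUser("alice", "constructed-hash-2".toCharArray(), new String[] {"viewer"});
        System.out.println("alice enabled after second put: " + store.index.get("alice").enabled);
        try {
            store.putUser("bob", null, new String[] {"viewer"});
        } catch (IllegalArgumentException e) {
            System.out.println("update without hash rejected: " + e.getMessage());
        }
    }
}
```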